Title :
IDS for detecting malicious non-executable files using dynamic analysis
Author :
Bazzi, Ahmad ; Onozato, Yoshikuni
Author_Institution :
Graduate School of Engineering, Gunma University, 1-5-1 Tenjin-cho, Kiryu, 376-8515, Japan
Abstract :
Attackers are increasingly relying on non-executable files to launch their attacks. Anti-virus solutions can detect a high percentage of malicious files but usually cannot reach and maintain a 100% detection rate. We propose a file-level IDS that relies on an automated dynamic analysis system (sandbox) to detect malicious PDF files. We achieved a 99.2% detection rate, where the rates of both the false positives and the false negatives are less than 1%. Because it does not rely on anti-virus signatures, this solution can detect malicious documents that utilize malware not covered by the anti-virus database.
Keywords :
Databases; Portable document format;
Conference_Title :
Network Operations and Management Symposium (APNOMS), 2013 15th Asia-Pacific
Conference_Location :
Hiroshima, Japan